Have you ever been SMiShed? That's not as personal a question as it may sound to the uninitiated, but it does relate to protecting your personal data.

SMiShing, a term coined by researchers for the McAfee security software firm, describes a form of phishing in which the bad guys send an SMS (short message service) message to a person's mobile phone. The first such messages purported to come from dating-service Web sites. Victims would receive a message announcing that the site intended to charge them US$2 a day unless they visited the URL listed in the message and followed the steps outlined there to unsubscribe from the service. Upon browsing to the URL (via computer), victims would get hit with drive-by downloads that installed Trojan horse software that subsequently would steal passwords and do other nasty things to the victims' PC.

I can see how this kind of attack might succeed. Many people don't have the same level of suspicion about text messages that they do about spam or instant messages on a PC. On top of that, every cell phone user I know is wary of being "slammed" with charges for premium-rate services on their mobile phone bill.

Worms that infect PCs have begun to add SMiShing attacks to their menu of malicious activities as well. The VBS/Eliles worm, for instance, infects Windows PCs by opening a back door and giving the perpetrator remote access to the computer. It also launches SMiShing attacks by sending messages to cell phone customers. This particular worm targets the e-mail-SMS gateway at two mobile phone companies in Spain. Fortunately, the worm's creators weren't very sophisticated--most antivirus programs will detect the Eliles worm and delete it before it can cause trouble.

It's impossible for a company to add charges to your bill, unless you knowingly signed up for its service and provided a cell phone number so it could send you messages. So if you get a SMiShing-style SMS message and don't remember signing up for anything, just delete the message and ignore the instructions. The scam works because people visit the Web page without thinking twice about it.